2. Chapter Objectives:
• Recognize the role independent auditors play in achieving effective corporate
governance and reliable financial reports.
• Understand the history of auditing, the traditional roles of auditors, and regulations
recently placed on them.
• Address the expectation gap regarding what auditors can provide in the way of
reasonable assurance and the expectations of investors for a higher level of
assurance.
• Identify the roles and responsibilities of the PCAOB, and discuss the auditing
standards published by the PCAOB.
• Demonstrate the importance of auditor independence both in fact and in appearance.
• Discuss an integrated audit of both financial statements and ICFR.
• Address the issue of a liability cap for independent auditors, and understand the
rationale on both sides of the issue.
VIDEO ( VIDEO)
3. Key Terms
The Accountancy Investigation & Discipline Board (AIDB)
Audit quality
Audit risk
Audit strategy
Auditor independence
Control risk
Detection risk
Expectation gap
Inherent risk
Integrated audit approach
Internal Revenue Service (IRS)
International Standards on Auditing (ISAs)
PCAOB-US
Professional Ethics Executive
Committee (PEEC)
Standing Advisory Group (SAG)
Statements on Auditing Standards
5. External Auditor Responsibility
Current auditing standards require that independent auditors
provide reasonable assurance that the financial statements
are free from material misstatements, whether caused by
error or fraud, to render an unqualified opinion on the financial
statements.
External auditors are not and should not be expected to
provide absolute assurance regarding reliability of financial
statements, but the public expectations concerning external
auditors performance are high.
Users of audited financial statements generally expect
external auditors to detect financial statement fraud and
employees’ illegal acts and fraud, which affects the integrity
of financial reports. External auditors, however, are more
concerned with material misstatements in the audited
financial statements.
6. Auditor Competency
1. Professional competencies. To audit public companies,
auditors should register with the PCAOB and meet all
registration and inspection requirements.
2. Technical competencies. Auditors should be knowledgeable
in professional standards, rules, laws and regulations, and
understand their clients’ industry and business, corporate
governance, financial reporting process, and internal
controls.
3. Process competencies. Auditor’s ability to choose
appropriate evidence-gathering procedures (tests of
controls, substantive tests) and execute auditing
procedures
4. Reporting competencies. Reporting competencies refer to
the auditors’ ability and willingness to discover and report
material misstatements.
7. Reports Accompanying
Financial Statements
• Report on financial statements and related disclosures
(prepared by auditor)
Are financial statements and disclosures according to GAAP?
• Report on internal control over financial reporting
(prepared by management)
Has company maintained effective internal control over financial
reporting?
• Report on internal control over financial reporting
(prepared by auditor)
Is management’s assessment of its internal control appropriate?
Has company maintained effective internal control over financial
reporting?
8. The Purpose of the Audit Report
• Definition of auditing: “... communicating results to
interested users.”
• Indicate whether the FS are in accordance with GAAP
Provide indication of what the FS would be like if GAAP were
followed
Provide any company-omitted disclosures
• Indicate any unusual aspects of the audit examination
Scope limitations
Division of responsibility
• Indicate any unusual matters related to the company
Going concern uncertainty
Consistency
Emphasize a matter
9. Four Categories of
Audit Reports
• Standard unqualified (clean opinion)
• Unqualified with explanatory paragraph or
modified wording
• Qualified
• Adverse or disclaimer
10. Definitions: Webster’s New
Unabridged Dictionary
• Qualified:
Having met conditions or requirements set
Limited, modified
• Unqualified:
Not having the usual or requisite talents,
abilities, or accomplishments
Not modified, limited, or restricted by conditions
or exceptions
11. Types of Audit Reports
Type of Report Interpretation
Unqualified Financial statements taken as a whole present fairly
Opinion the financial position, results of operations, and cash
flows in conformity with generally accepted
accounting principles (GAAP).
Qualified Opinion ―Except for‖ the effects of a particular matter, the
financial statements present fairly the financial
position, results of operations, and cash flows in
conformity with GAAP.
Adverse Opinion Financial statements do not present fairly the financial
position, results of operations, and cash flows in
conformity with GAAP.
Disclaimer of Auditor does not express an opinion on the financial
Opinion position, results of operations, or cash flows.
13. Standard Unqualified Report
The five necessary conditions have been met:
1. All four required statements are included.
2. The three general standards have been
followed in all respects on the engagement.
3. Sufficient evidence has been accumulated
and the auditor has conducted the
engagement in a manner that enables the
conclusion that the three standards of field
work have been met.
14. Standard Unqualified Report
4. The financial statements are presented in
accordance with GAAP (including adequate
disclosures.
5. There are no circumstances requiring the
addition of an explanatory paragraph or
modification of the report wording.
15. Standard Unqualified Audit Report
(Nonlisted Companies)
Title Report of Independent Auditor
Address To the Board of Directors and stockholders of Any
to client company
Audit AuditWe have audited the accompanying balance
notice notice of Any company as of December 31, 1990
sheets
and 1989, and the related statements of income,
Identify Management
retained earnings, and cash flows for the year
the responsibility
then ended. These financial statements are the
financial responsibility of the company’s management. Our
statement responsibility is to express an opinion on these Auditor
s financial statements based on our audits. responsibility
continued
16. We conducted our audits in accordance with
generally accepted auditing standards. Those
standards require that we plan and perform the
audit to obtain reasonable assurance about
whether the financial statements are free of
material misstatement. An audit includes
Descriptio examining, on a test basis, evidence supporting
n of the the amounts and disclosures in the financial
audit statements. An audit also includes assessing the
accounting principles used and significant
estimates made by management, as well as
evaluating the overall financial statement
No special presentation. We believe that our audit provides a Opinion on
In our opinion, the financial statements
mention of reasonableabove for our opinion. all material
referred to basis present fairly, in financial
adequate statement
respects, the financial position of Any company as
disclosure s
of December 31, 1990 and 1989, and the results
or
of its operations and its cash flows for the years Refer to
consistenc
then ended in conformity with generally accepted GAAP
y
accounting principles.
Signature ___________________________________,
CPA
Date February 28, 1991
17. Audit Failures and Audit Quality
Following is the list of the initiatives that have been
suggested to improve audit quality, as well as transparency.
1. Publication of audit engagement letters
2. Shareholders’ rights to question auditors
3. Publication of auditor resignation statements
4. Lead audit partner’s signature on audit reports
5. Active audit committee participation in evaluating the
scope and results of the integrated audit of both ICFR and
financial statements
6. Mandatory rotation of the audit firm every seven to twelve
years in the context of the quality of audit work performed
by the firm and the audit efficacy
7. Mandatory shareholder vote on the ratification of the
independent auditor each year
18. Public Company Accounting
Oversight Board
The PCAOB created by SOX to regulate the auditing
profession.
The PCAOB’s primary functions are to:
1. Register public accounting firms that audit public
companies.
2. Inspect the registered public accounting firms on a regular
basis.
3. Establish auditing, attestation, ethics, quality control, and
independence standards.
4. Conduct investigations and disciplinary proceedings.
19. PCAOB Auditing Standards
The PCAOB has issued five auditing standards as of
September 2007:
1. PCAOB Auditing Standard No. 1 (audit is conducted in
accordance with auditing standards of PCAOBUS, the city and
state has to be disclosed)
2. PCAOB Auditing Standards No. 2 and 5 (New PCAOB AS No.
5 superseded AS No. 2 and requires the independent audit to
opine only on the effectiveness of ICFR, not the management
processes and assessments concerning ICFR)
3. PCAOB Auditing Standard No. 3 (auditors are required to
maintain the audit documentation in a sufficient manner and
keep the records for at least seven years)
4. PCAOB Auditing Standard No. 4 (voluntary engagement for
the auditor’s report on the company’s elimination of previously
reported material weaknesses in its ICFR)
20. Roles and Responsibilities—Internal Control over
Financial Reporting
• Management: Designs and implements the system of
internal control over financial reporting; evaluates the
effectiveness of the company’s internal control over financial
reporting and provides a public report on that assessment;
prepares the financial statements.
• Audit Committee: Has responsibility for oversight of the
company’s financial reporting process.
• Independent Auditor: Performs an audit of internal control
over financial reporting and issues a report on
management’s assessment of internal control over financial
reporting and on the effectiveness of internal control over
financial reporting; also performs an audit of the company’s
financial statements.
20
21. What Management’s Report
Will Include
Under the SEC rules, management’s report on internal control over
financial reporting should include the following information:
• Statement of management’s responsibility for establishing and
maintaining adequate internal control over financial reporting.
• Statement identifying the framework used by management to evaluate
the effectiveness of internal control over financial reporting.
• Management’s assessment of the effectiveness of the company’s
internal control over financial reporting as of the end of the company’s
most recent fiscal year, including an explicit statement as to whether that
control is effective and disclosing any material weakness identified by
management in that control.
• Statement that the registered public accounting firm that audited the
financial statements included in the annual report has issued an
attestation report on management’s internal control assessment.
21
22. PCAOB Auditing Standard No. 2:
An Audit of Internal Control over Financial Reporting Performed in Conjunction with
an Audit of Financial Statements
1. AS No. 2 required three integrated reports on:
a. Financial statements audited by registered public accounting
firms.
b. Management’s assessment of the effectiveness of internal
control over financial reporting (Section 404).
c. The effectiveness of internal control over financial reporting
over financial reporting based on the auditor’s attestation of
internal control.
2. AS No. 2 was effective beginning June 17, 2004.
22
23. The Independent Auditor’s Opinion
The content of the auditor’s report is prescribed by the
PCAOB standard. The most common opinions on the
effectiveness of internal control over financial reporting will
be:
• Unqualified Opinion. An opinion that internal control over
financial reporting is effective: no material weaknesses in
internal control over financial reporting exist as of the fiscal
year-end assessment date.
• Adverse Opinion. An opinion that internal control over
financial reporting is not effective: one or more material
weaknesses exist as of the fiscal year-end assessment
date.
• Disclaimer of Opinion. A report stating that restrictions on
the scope of the auditor’s work prevent the auditor from
expressing an opinion on the company’s internal control
over financial reporting.
23
24. Report of Independent Registered Public
Accounting Firm
1. Introductory 2. Scope 3. Definition
Paragraph Paragraph Paragraph
6. Inherent 5. Explanatory 4. Opinion
Limitations Paragraph* Paragraph
Paragraph
7. Signature 8. City and 9. Date
State or
County
*The explanatory paragraph is required only when the auditor’s opinion is other than unqualified and may also be placed after the opinion paragraph
when the auditor issues two separate reports on the audit of financial statements and internal controls, thus making reference to opinion on the
financial statement audit in the report on the internal control audit.
24
25. 25
Source: Release No. 2004-001, pages 116−137, Appendix A—Illustrative Reports, available at pcaobus.org.
26. Source: Release No. 2004-001, pages 116−137, Appendix A—Illustrative Reports, available at pcaobus.org. 26
27. Source: Release No. 2004-001, pages 116−137, Appendix A—Illustrative Reports, available at pcaobus.org. 27
28. PCAOB Auditors Independence
The new rules restrict public accounting firms in
performing a variety of tax services to their audit clients.
The new rules are intended to prevent the selling of
abusive tax shelters.
29. Audit Committee Oversight of
External Auditors
The extended oversight responsibilities for the audit
committee are:
1. Appointment, compensation, and retention of registered
public accounting firms
2. Preapproval of audit services and permissible nonaudit
services
3. Review of the independent auditor’s plan for an integrated
audit of both ICFR and annual financial statements
4. Review and discussion of financial statements audited or
reviewed by the independent auditor
5. Monitoring the auditor’s independence
6. Auditor rotation requirement
30. Audit Committee Oversight of
External Auditors
The number of companies that change auditors, and the
number of auditors changed
31. Independent Auditors
Communications with the Audit
Committee
Communications from the committee to the Communications from the independent
independent auditor: auditor to the audit committee:
1. Appointment and retention approval of the 1. Seeking committee preapproval of all audit and
independent auditor nonaudit services in a timely manner
2. Formal approval of audit and permissible nonaudit 2. The critical accounting policies and practices used by
services management in the preparation of financial statements
3. Formal approval of fees for both audit and nonaudit 3. All alternative treatments of financial information within
services with a keen focus on improving the quality of GAAP
audit and nonaudit services 4. Any accounting disagreements between the
4. Any concerns or risks threatening management’s independent auditor and the company’s management
reputation and integrity, etc. 5. Any material, written communications between the
5. Allegations of financial statement fraud independent auditor and the company’s management
throughout the course of the audit
6. Significant deficiencies and material weaknesses of
ICFR
7. The audit report on annual financial statements
8. The review report on quarterly financial statements
9. The audit report on management’s assessment of the
effectiveness of ICFR
10. The audit report on the effectiveness of ICFR
11. Financial risks associated with financial reports
33. Consolidation and Competition
in Public Accounting Firms
SEC rules require public companies that change their public
accounting firms to file a Form 8-K, Item 4.01, to disclose
changes within four days, whereas auditors are required to
provide standard letters within ten days stating whether they
agree with the company’s disclosure without specifying any
reasons.
34. Integrated Audit Approach
Management assessment on
the effectiveness of ICFR
Effectiveness of both design
and operation of ICFR based
on control criteria
Fair presentation of financial
statements in conformity with
GAAP
35. Audit Strategy
Audit Strategy:
1. No limited tests of controls
2. No use of cycle rotation in tests of controls
3. Dual testing of controls and substantive audit procedures
Auditors should focus on prevention, detection, and correction
of controls at both the company level and the transaction
level. Auditors should perform tests of controls as a basis for
forming an opinion on the effectiveness of ICFR. Auditors
should also perform substantive tests as a basis for
expressing an opinion on the fair presentation of financial
statements, regardless of the identified significant
deficiencies and material weaknesses in internal controls.
37. Brief History Fraud Investigation
• 1900s -- Fraud detection was a primary
objective of the audit
• 1940s -- Detection of fraud considered to be
a ―responsibility not assumed‖
• 1960s -- Auditor acknowledged responsibility
for detecting fraud that would normally be
uncovered by an examination performed in
accordance with GAAS.
• 1980s -- Auditor had responsibility to search
for fraud that may have a material affect on
the financial statements.
• 1997 -- SAS No. 82; 2002 – SAS No. 99
37
38. Types of Fraud Financial Statement Fraud
Misrepresentation of material
facts
Misappropriation of assets
Concealment of material
facts
Management
Fraud
Illegal Acts
Bribery
Conflict of Interest
Embezzlement of money or
FRAUD property
Breach of fiduciary duty
Theft of trade secrets of
Employee intellectual property
Fraud
Illegal acts
39. Why People Commit Fraud
Studies show that employees are likely to
commit fraud when four conditions exist:
– PRESSING FINANCIAL NEED
– OPPORTUNITY
– REASONABLE JUSTIFICATION
– LACK OF MORAL PRINCIPLES
39
41. Profile of Fraud Perpetrators
The fraud perpetrator is more likely to be an ordinary member of the
community: intelligent, respected, never suspected of dishonesty,
NOT YOUR TYPICAL CRIMINAL TYPE.
MORE LIKELY TO BE: LESS LIKELY TO BE:
• A woman • Divorced
• Married • Alcoholic
• Church member • Tattooed
• Older
• Heavier
• Have children
• Have a higher education
• Never been arrested
• Have high self-esteem
• High achiever
41
42. Financial Statement Fraud
• Definition – Deliberate misstatements or omissions
of amounts or disclosures of financial statements to
deceive financial statement users, particularly
investors and creditors
• Financial statement fraud has become a daily thing.
Press reports challenge the corporate responsibility
and integrity of major companies such as Lucent,
Xerox, Rite-Aid, Waste Management,
Microstrategy, KnowledgeWare, Sunbeam,
Cendent, and ZZZ Best, Enron, WorldCom, Qwest,
Madoff, Satyam, Stanford Financial, and Parmalat.
42
43. High-Profile Financial statement
Fraud
Basis of the Fraud Older Example Year Recent Example Year
Fictitious revenue, ZZZZ Best Enron
documentation forgery and 1987 2001
theft of corporate assets
Personal use of assets, false Phar-Mor 1992 Adelphia 2002
documentation and financial
statement fraud
Capitalizing expenses, among Waste 1997 WorldCom 2002
other issues Management
Abuse of accounting Savings and Loan 1982 Stock Options
standards Crisis Backdating 2006
44. Symptoms of Financial
Statement Fraud
• Continuous Deterioration of Quality and
Quantity of Earnings
• Inadequacy of Cash Flow
• Overstatement of Inventories
• Overly Aggressive Accounting
• Management ―Short-termism‖
• Improper Revenue Recognition
• Overstatement of Assets
45. Elements of Fraud
• A false representation of a material nature
• Knowledge that the representation is false or
reckless disregard for the truth (Scienter)
• Reliance on the false representation by the
victim
• Financial damages are incurred (to the
benefit of the perpetrator).
• The act was intentional.
46. Auditor and Investigator
Responsibilities
• External Auditors (CPAs)
SAS 99: Consideration of Fraud in a Financial Statement Audit
– Design audit to provide reasonable assurance of detecting fraud that could have
a material effect on the financial statements.
– Perform fraud-related procedures
SAS 54: Illegal Acts
– Focused primarily is on direct-effect illegal acts
SAS 61: Communication with Audit Committees
• Internal Auditors (CIAs)
SIAS 3: Deterrence, Detection, Investigation, and Reporting of Fraud
• Governmental Auditors
Focus on laws and regulations (compliance), design audit to detect abuse
and illegal acts, report to the appropriate authority
• Certified Fraud Examiners (CFEs)
Assignments begin with predication (probable cause)
46
47. Auditor’s Responsibility for
Detecting Fraud
• GAAS makes NO DISTINCTION
between the auditor’s responsibilities for
searching for errors or for fraud
• Per SAS No. 99, auditors must
specifically assess the risk of material
misstatement due to fraud
47
48. Assessing the Risk of Fraud
• Pressure or incentive to commit the fraud
Direct financial gain, such as misappropriation
of assets or retaining job
Indirect financial gain, such as increase in
stock price
• Perceived opportunity to commit the fraud
Can fraud be perpetrated without detection?
48
49. Misappropriation of Assets
Risk Factors
• Susceptibility of assets
to misappropriation
• Employee relationships
or pressures
• Deficiencies in internal
control
49
50. Red Flags
• Personal financial pressure
• Vices (drugs, alcohol or gambling)
• Extravagant lifestyles
• Real or imagined grievances against
company
• Related parties
• Increased stress
• Internal pressures
50
51. How Frauds Occurred
• Poor internal controls
• Management override of internal controls
• Collusion between employees and third
parties
• Collusion between employees or
management
• Lack of control over management
• Poor or nonexistent corporate ethics policy
51
52. Reasons Auditors Fail to Detect Fraud
• Over reliance on client representations
• Lack of awareness or failure to recognize
that an observed condition may indicate a
material fraud
• Lack of experience
• Personal relationships with clients
52
53. SAS No. 99
The Fraud Triangle
Rationalization
Incentives/ Opportunities
Pressures
53
54. The Fraud Triangle
• Incentives/Pressures
95 percent of all fraud cases involve either:
– Financial pressures
– Vice-related pressures, including drug or alcohol
addiction
– Expensive romantic relationships
– Need to maintain a particular lifestyle
– Medical problems
54
55. The Fraud Triangle
• Rationalization is the reconciliation
of what we are doing with what our
conscience tells us we should do.
• "I was only borrowing it;
I planned to return it after things
improved."
55
56. The Fraud Triangle
• Opportunity
Easiest to control of the three components
Most frequently achieved with internal
controls
– Segregation of duties
– Authorizations
– Independent checks
– Physical safeguards
– Adequate documents and records
56
58. Evaluate Control
Environment
Tests of Controls
Audit Inherent Risk X Control Risk X
= Detection Risk
Risk
Errors Errors Errors Analytical
Procedures
Misappropriation Misappropriation Misappropriation Tests of
of Assets of Assets of Assets Details
Financial Financial
Statement Statement
Financial
Fraud Fraud Forensic
Statement
Fraud Procedures
Evaluate
Management Evaluate Top
Controls Over
Integrity Management
Assets
Controls
R R
1 2
Incentive/ Opportunity
Pressure
Incentive/ Attitude/ Opportunity
Pressure Fraud Rationalization Fraud Risk
Risk Factors Fraud Risk Factors
Factors
58
59. Audit of Defined Benefit
Pensions
Employer-defined benefit pension reforms, as proposed by the
administration and introduced by both the House and the
Senate, would require plan sponsors to make minimum funding
contributions equal to the greater of:
(1)the contributions required under the plan’s funding standard
account estimated based on the plan’s actuarial accrued
liability,
(2)deficient reduction contributions calculated under current
liability rules.
These reforms would replace the current law’s “double-barrel”
system with a single measure of assets and liabilities and
required funding method.
60. Auditors’ Liability Limitation
Agreement
In February 2006, the Federal Financial Regulatory Agencies
issued an interagency advisory that raised concerns regarding
the negative impacts on the quality and reliability
of audits when financial institutions agree to limit their
independent auditors’ liability.
The advisory, while observing an increase in the types and
extent of provisions in financial institutions’ external audit
engagement letters that limit auditor liability, informs
financial institutions that they should not enter into an audit
engagement that includes unsafe and unsound limitation of
liability provisions relevant to an integrated audit of their
financial statements and ICFR.
62. Conclusion
• The audit function should be regarded as an external corporate
governance mechanism that serves to protect investors from
receiving incomplete, inaccurate, or misleading financial information
and thus adds value to the effectiveness of corporate governance.
• SOX drastically changed the characteristics of the accounting
profession by connecting the audit function to the corporate
governance structure by requiring that the audit committee be directly
responsible for not only hiring, compensating, and firing external
auditors, but also overseeing their work, monitoring their
independence, and avoiding potential conflicts of interest.
• In the auditing profession, the so-called expectation gap is referred
to as the difference between (1) what the investing public and other
users of audited financial statements believe the responsibilities of
auditors are, and (2) what auditors are willing to assume as
responsibilities according to their professional standards.
• New PCAOB AS No. 5 superseded AS No. 2 and requires the
independent audit to opine only on the effectiveness of ICFR, not the
management processes and assessments concerning ICFR.
63. Conclusion
• Sections 201 and 202 of SOX require that all audit and permissible
nonaudit services to be performed by the company’s independent
auditor be approved by the audit committee.
• Auditor independence is the backbone of the auditing profession,
affecting the auditor’s planning, evidence-gathering procedures,
findings, judgment, and credibility, and public trust in the auditor’s
opinion.
• Auditor independence is derived and guided by these three
principles: (1) independent auditors may not audit their own work, (2)
independent auditors may not function in the role of their client’s
management, and (3) independent auditors may not serve in an
advocacy role for their audit clients.
• Tests of controls must be broadened to include understanding of
ICFR and provide reasonable assurance about the effectiveness of
both the design and operation of internal controls.
• Any contractual provisions that limit the external auditor’s liability or
require waiving the right to a jury trial may have detrimental effects
on auditor impartiality, objectivity, and quality.